Friday, March 13, 2015

Security Management Weekly - March 13, 2015

Corporate Security
  1. "Senate Panel Easily Passes Cybersecurity Bill"
  2. "Senate to Advance Anti-Hacking Bill Amid Privacy Objections"
  3. "Survey Finds Faith in Internet Trust System Fading Fast"
  4. "CIA Sought to Hack Apple iPhones From Earliest Days"
  5. "Race in Iraq and Syria to Record and Shield Art Falling to ISIS"

Homeland Security
  1. "Islamic State Accepts Boko Haram's Allegiance Pledge"
  2. "Secret Service Agents Disrupted Bomb Investigation at White House"
  3. "No Classified Emails by Clinton? Some Experts Are Skeptical"
  4. "With Clock Ticking, Lawmakers Have No Plan for Reforming NSA"
  5. "Iraqi and Shiite Forces Seize Large Parts of Tikrit From Islamic State"

Cyber Security
  1. "Cyber Insurance Uptake Increased in 2014"
  2. "Regulators, Industry Ratchet Up Cybersecurity Work"
  3. "Hacking Group May Be NSA in Disguise"
  4. "Microsoft Misses Flaw in 2010 Patch That Was Supposed to Quash Stuxnet Bug"
  5. "The Landscape of Student Digital Privacy Legislation"

Senate Panel Easily Passes Cybersecurity Bill
Wall Street Journal (03/12/15) Paletta, Damian

The Senate Select Committee on Intelligence easily passed a bill that encourages—but doesn’t require—companies to share information about cyberattacks with each other and the federal government, responding to a growing prevalence of data breaches at large U.S. companies. The 14-1 vote was the first step in what is likely to be a lengthy battle this year over how to prod firms, many of which are skeptical of government data collection, to collaborate more with federal officials to deter attacks. “It is the first leg of a very long race,” the panel’s chairman, Sen. Richard Burr (R-N.C.), told reporters after the vote. Earlier drafts of the bill would extend liability protections to companies that share information with each other and the government to protect them, in some cases, from being sued. Some changes to the bill were made during the vote, though the precise details weren’t shared. Sen. Dianne Feinstein (D-Calif.), told reporters that 15 privacy amendments were offered during debate and 12 were accepted “in whole or in part.”


Senate to Advance Anti-Hacking Bill Amid Privacy Objections
Bloomberg (03/11/15) Strohm, Chris

The Senate Intelligence Committee today will hold a closed-door markup of its CISA cyberthreat information-sharing bill. Insiders say there have been some changes to the bill to increase privacy protections, although privacy and transparency concerns are expected to arise today. Privacy advocates have objected to the bill that would shield companies from lawsuits when they share information about cyber-attacks with each other and federal agencies. Industry groups, such as the Financial Services Roundtable, largely support the bill that’s under consideration by the Senate intelligence committee. Companies have resisted providing data to the government about hacking attacks out of concern they could be sued if they accidentally included private information about their customers, or accused of violating antitrust laws. Information sharing is needed to help prevent attacks that are growing more sophisticated and dangerous, according to the Obama administration. Senator Richard Burr (R-N.C.), chairman of the panel, wrote the bill with Senator Dianne Feinstein of California, the top Democrat on the panel. They plan to submit changes to a draft aimed at satisfying the concerns of privacy advocates who worried that the bill would expand government spying. The bill "represents compromises on both sides following feedback from the executive branch, private sector and privacy advocates," says Feinstein. The new language would limit how the government can use information obtained from companies and restrict countermeasures companies can take, according to a Democratic Senate aide who spoke on the condition of anonymity because the changes have not been announced.


Survey Finds Faith in Internet Trust System Fading Fast
IT World (03/11/15) Roberts, Paul F.

Despite growing reliance on public key encryption, IT professionals have unprecedented skepticism in the technology's ability to protect critical data, indicating a breaking point in digital trust, according to a Ponemon Institute survey. Organizations have increased the number of keys and certificates deployed by 34 percent, but 54 percent do not know where all their keys and certificates are located. The report sounds a dire warning for the countless government and private sector firms that rely on public key encryption to protect online transactions and data. "The digital trust that underpins most of the world’s economy is nearing its breaking point, and there is no replacement in sight," it concludes. Digital certificates have become a standard tool for securing communications to and from Internet-connected devices, but oversight of those certificates and the infrastructure that supports them is often loose. Those certificates have become an attractive target for cyber criminal groups and state-backed hacking crews, who exploit the implicit trust granted to the certificates to plant malicious code on other systems. The report suggests organizations adopt practices that allow them to identify and track the certificates used within their environment.


CIA Sought to Hack Apple iPhones From Earliest Days
Reuters (03/10/15) Auchard, Eric

CIA researchers have been working for almost 10 years to break the security protecting Apple products, according to The Intercept, which cited documents obtained from Edward Snowden. The report quotes top-secret U.S. documents that suggest U.S. government researchers have developed a version of Apple's software application development tool to create surveillance backdoors into programs distributed on Apple's App Store. The Intercept said the latest documents, which covered a period from 2006 to 2013, stop short of proving whether U.S. intelligence researchers had succeeded in breaking Apple's encryption coding, which secures user data and communications. Efforts to break into Apple products by government security researchers started as early as 2006, a year before Apple introduced its first iPhone, and continued through the launch of the iPad in 2010 and beyond, The Intercept said. Breaching Apple security was part of a top-secret program by the U.S. government, aided by British intelligence researchers, to hack "secure communications products, both foreign and domestic," including Google Android phones, it said. Silicon Valley technology companies have in recent months sought to restore trust among consumers around the world that their products have not become tools for widespread government surveillance of citizens.


Race in Iraq and Syria to Record and Shield Art Falling to ISIS
New York Times (03/09/15) P. A1 Barnard, Anne

Residents of the parts of Iraq and Syria controlled by the Islamic State (ISIS) are attempting to protect local art and antiquities and secretly record the damage already done, but time is running out as ISIS loots and destroys many items. In northern Syria, museum curators have covered mosaics with sealant and sandbags, and Baghdad’s recently reopened National Museum of Iraq now features iron bars to protect galleries of ancient artifacts. ISIS has said that ancient art is idolatry that must be destroyed, but the group is also looting antiquities to raise money, according to officials and experts who track thefts through informants and satellite imagery. Archaeologists and preservationists are used to dealing with threats such as weather, but they say that in ISIS-controlled areas, they can do nothing but document the destruction. As ISIS approached, museum officials were said to have smuggled valuable artifacts out of Deir al-Zour, Syria, on a military plane along with the bodies of fallen soldiers. Iraqi experts, trained from the days of the U.S. invasion of Baghdad, are teaching conservators and concerned residents simple techniques to protect artifacts, such as turning on a cellphone’s GPS function when photographing objects to help trace damage or theft.


Islamic State Accepts Boko Haram's Allegiance Pledge
Los Angeles Times (03/13/15) Dixon, Robyn

Islamic State has welcomed a pledge of allegiance from the Nigeria-based militant group Boko Haram, signaling an expansion of the Syria-based organization into West Africa. In an audio message posted online, Islamic State spokesman Abu Mohammad al-Adnani called on Muslims who could not get to Syria to travel to the land of Islam and join Boko Haram's fight instead. "Our caliph, God save him, has accepted the pledge of loyalty of our brothers of Boko Haram so we congratulate Muslims and our jihadi brothers in West Africa," said Adnani. Boko Haram leader Abubakar Shekau last week declared his group's allegiance and the move is widely seen as a propaganda boost to Islamic State. The acceptance of the pledge comes as Islamic State challenges Al Qaeda as the assumed leader of the Islamist jihadist movements. The African Union has endorsed a force of 10,000 soldiers to fight Islamic State.


Secret Service Agents Disrupted Bomb Investigation at White House
Washington Post (03/13/15) Leonnig, Carol D.; Hermann, Peter

Interviews and police records indicate that two Secret Service agents who drove into White House security barricades, possibly while intoxicated, last week also drove through an active bomb investigation, nearly running over a suspected explosive device. The two agents, George Ogilvie and Marc Connolly, arrived at the White House shortly before 11:00 p.m. on March 4, only a half hour after a woman approached the southeast entrance of the White House, placed an object she claimed was a bomb on the ground, and then struck a Secret Service officer with her car before escaping. Ogilvie and Connolly reportedly drove through police tape into the investigation scene and hit a temporary barricade, narrowly missing the suspected bomb. Officers on the scene wanted to arrest the two agents, who are both high-ranking, but were told to release them by a more senior supervisor. On Thursday, Reps. Jason Chaffetz (R-Utah) and Elijah E. Cummings (D-Md.) sent a letter to Secret Service Director Joseph P. Clancy asking for a detailed briefing about the incident. In the letter they ask why Ogilvie and Connolly were let go following the incident despite suspicions that they were drunk, when the Secret Service has previously cited a zero-tolerance policy when recalling lower-ranking officers suspected of drinking while on the job.


No Classified Emails by Clinton? Some Experts Are Skeptical
New York Times (03/11/15) Shane, Scott

Some experts are dubious of the claim by Hillary Clinton and her aides that the email she used during her time as Secretary of State was not used to transmit classified information. The government has routinely been criticized for overclassifying information; however, in the ongoing flap over her use of personal, rather than government, email during her time at the State Department, Clinton has said she "did not email any classified material to anyone on my email." Thomas S. Blanton, director of the National Security Archive at George Washington University, said with some sarcasm that it was "refreshing" for a former secretary to conduct email in an unclassified form. One former State Department worker said he found it highly unlikely that Clinton could conduct State Department business without sending classified information over email. Clinton's aides say that classified communications were conducted through staff with secure BlackBerrys, laptops, and other devices. Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, says that if the issue of Clinton's emails had come up in a different context, chances are good some of the email would have been classified. He adds that "there’s zero chance that she’ll be charged with unauthorized retention of classified information, because she decides what’s classified."


With Clock Ticking, Lawmakers Have No Plan for Reforming NSA
The Hill (03/11/15) Hattem, Julian

Lawmakers show no signs of urgency in passing legislation before the Patriot Act expires on June 1, which could leave the NSA without the tools it says are critical to stop terrorists. In about two months, three provisions of the Patriot Act will expire, including the controversial Section 215, which NSA has used to justify bulk collection of records on Americans' phone calls. "We aren’t ready now, for sure," says Senate Judiciary Committee Chairman Chuck Grassley (R-Iowa), who has been in negotiations with fellow lawmakers. The congressional calendar has Congress out of town following Memorial Day, meaning the deadline is really May 22. Intelligence officials have said they have no plan B for replacing the current program if it is allowed to expire, which, they warn, could handicap agents trying to prevent future attacks. “It’s going to be a tough one, but I really believe that they should be reauthorized," says Sen. Dianne Feinstein (Calif.), the top Democrat on the upper chamber’s Intelligence Committee.


Iraqi and Shiite Forces Seize Large Parts of Tikrit From Islamic State
New York Times (03/11/15) P. A12 Barnard, Anne

In a victory against Islamic State (ISIS), Iraqi security forces and allied Shiite militias on Tuesday seized large parts of Tikrit, after a week of heavy fighting in the largest pro-government military operation yet. If the Iraqi offensive, which involves a combined force of more than 30,000, is successful, it would be a significant step in the march north to Mosul. Officials of the Salahuddin Province military command center said that pro-government forces in Tikrit had advanced close to central buildings, such as the governor’s office. Iraqi security officials believe that most ISIS fighters had already begun withdrawing from Tikrit, given how little resistance the pro-government forces met by the end of the day. Previous victories for the Iraqi government have been reversed before, however, and the latest offensive has revealed tensions in the American-Iraqi alliance. The international coalition against ISIS has sat out the battle for Tikrit, and U.S. officials say they are uncomfortable with the prominent role that Shiite militias and Iranian military officials have had in taking a predominantly Sunni city. Rafid Jaboori, spokesman for Prime Minister Haider al-Abadi, recently said that the United States would still play “a significant role” in any operation to take Mosul, along with Kurdish pesh merga forces.


Cyber Insurance Uptake Increased in 2014
Business Insurance (03/12/15) Greenwald, Judy

The latest "Benchmarking Trends: As Cyber Concerns Broaden, Insurance Purchases Rise" report from Marsh LLC reveals that the number of clients purchasing standalone cyber insurance for the first time rose 32 percent in 2014 from 2013. Companies with revenues higher than $1 billion purchased 22 percent higher cyber limits, averaging $34.1 million, compared to $27.8 million in 2013, the report found. However, the report noted that some policyholders faced challenges as recent loss activity increased, particularly among retailers and financial firms. Renewal rates rose an average of 5 percent, and up to 10 percent for some clients. Market capacity also varies by industry, although most sectors could secure cyber coverage with aggregate limits in excess of $200 million.


Regulators, Industry Ratchet Up Cybersecurity Work
Politico Pro (03/12/15) Warmbrodt, Zachary

Derivatives market regulators plan to soon advise traders and firms on how they should handle the risk of cyberattacks. The National Futures Association (NFA) is preparing to release cybersecurity guidance aimed at big and small firms, NFA President Daniel Roth said in an interview. The NFA is working with the CFTC, which next week will hold a roundtable focused on cyber safeguards and testing for futures exchanges, clearinghouses, and repositories that hold derivatives trade data. Exchange and clearinghouse operators, whose top concern is destructive attacks that disrupt markets rather than just customer data concerns, are urging regulators from countries across the globe to get behind an international cybersecurity standard.


Hacking Group May Be NSA in Disguise
The Hill (03/11/15) Viebeck, Elise

Kaspersky Lab on Wednesday released a report saying the Equation Group, a set of hackers responsible for at least 500 malware infections in 42 countries, could consist of NSA personnel. The researchers said the term "BACKSNARF" was found inside the code of the Equation Group's online platform, and the same term was used by the NSA as the name of a project in its cyber warfare unit. In addition to that coincidence, analysis of the Equation Group’s working hours suggests it operates as a regular software development team, likely located on the East Coast of the United States. Members of the group work overwhelmingly during regular business hours from Monday through Friday and almost never on Saturday or Sunday. The Equation Group had already been suspected of ties to the NSA, though Kaspersky researchers still stop short of alleging a direct connection. The hacking collective is considered to be the work of a nation-state, given the vast resources required to support its highly sophisticated activities. Equation Group attacks have also focused almost exclusively on adversaries of the United States, including Iran and Russia.


Microsoft Misses Flaw in 2010 Patch That Was Supposed to Quash Stuxnet Bug
Computerworld (03/11/15) Keizer, Gregg

A Windows vulnerability that was exploited by the Stuxnet worm as long ago as 2008 was not completely patched until Tuesday, according to Hewlett-Packard TippingPoint researcher Brian Gorenc. Although Microsoft announced the flaw was fixed in 2010, the patch did not entirely remove the bug. "The patch failed," according to an HP blog post. "And for more than four years, all Windows systems have been vulnerable to exactly the same attack that Stuxnet used for initial deployment." Microsoft finally removed the remaining exploit vector in one of the 14 security updates it released on Tuesday. However, Microsoft falsely called the bug "a new vulnerability that required a new security update" in an emailed statement. The original bug was related to Windows "shortcut" files, which Windows failed to parse correctly, and hackers exploited the bug using USB flash drives. The attackers crafted malicious .lnk files, enabling them to hijack a Windows PC as long as the user viewed the contents of the USB drive with a file manager like Windows Explorer. The .lnk vulnerability and its USB-based attack approach were used to bridge the "air gap" between PCs connected to the Internet and those that ran the enrichment control system, according to researchers.


The Landscape of Student Digital Privacy Legislation
Center for Digital Education (03/10/15) Roscorla, Tanya

Already this year, 138 bills dealing with student data privacy have been introduced in more than 75 percent of states, a 25 percent increase over last year. Ten states modeled their 2015 legislation on California's data privacy law, which passed last fall, while nine states introduced bills with similar language. "The scope and number of bills really confirms how much of an ongoing conversation this is for states and how addressing privacy is something they'll be thinking about in different ways over the long term," says Rachel Anderson, a senior associate for policy and advocacy at the Data Quality Campaign who crunched the legislative numbers. "The main message for this year is that states continue to really be engaged in this work and [are] thinking about how we can use data to support students while also safeguarding it," Anderson said.


Abstracts Copyright © 2015 Information, Inc. Bethesda, MD